By default, a Windows 10 or earlier PC is aptly named – it’s like a house with an open window. If the first prompt you see when you power your computer on is a Windows login screen, your data is totally insecure. Even if it wasn’t easy to crack the password, the data still remains completely unencrypted.
In Windows 11 your data may or may not be encrypted, depending if you’re logged into it with a Microsoft account, which brings its own security and privacy issues.
But whichever version of Windows you use, we would recommend VeraCrypt for full disk encryption. The interface looks a little daunting at first but it is in fact quite straightforward to set up and use: once the program is installed, encrypt your system drive (from the main VeraCrypt window go to Tools → Volume Creation Wizard and follow the prompts, using the default options), and you’re good to go.
From then on at system startup, simply enter your password, leave the PIM value blank (again, there’s no need to change this value) and from then on the system will act as normal, with no noticeable impact on performance even with older hardware. Once the system is shut down, no data can be accessed again without entering the password.
VeraCrypt mandates a minimum password length of 20 characters, meaning anything beyond the very poorest passwords simply do not stand a chance of getting breached. VeraCrypt uses a mechanism called header key derivation to increase the time it takes between password attempts.
Of course, you will need to encrypt any other drives you need protecting, or store any sensitive data not on the system drive in an encrypted container. If you have another drive or partition (a drive with a different letter on the same physical drive as the Windows system drive) that’s permanently attached to the computer, encrypt it fully (again, with the Volume Creation Wizard), use the same encryption password, and set it as a System Favorite Volume for it to automatically mount at when you boot the computer. Any removable drives you have encrypted will have to be mounted manually after they are connected before you can access them.
If you put your computer in “Sleep” mode instead of turning it off, this saves everything including your encryption password to memory. The best practice is to shut the computer down completely or use Hibernate mode if you want a slightly faster startup time. If you insist on using Sleep mode, then at least use a Windows login password to resume the session and disable AutoPlay, as this will mean anyone at your computer will be unable to immediately use it and inevitably turn it off, thereby taking your password out of memory.
It is obviously essential that you don’t forget the encryption password! See our password tips [link to future content] for advice on choosing, and remembering passwords.
Given the amount of potentially valuable information stored on every modern computer, using VeraCrypt really is an easy way to give yourself peace of mind.
Leave a Reply